Added pkcs5_pbkdf2_hmac to lib_crypto.cr and pkcs5.cr

Makefile

@@ -27,7 +27,7 @@ static ?=       ## Enable static linking
 O := .build
 SOURCES := $(shell find src -name '*.cr')
 SPEC_SOURCES := $(shell find spec -name '*.cr')
-FLAGS := $(if $(release),--release )$(if $(stats),--stats )$(if $(progress),--progress )$(if $(threads),--threads $(threads) )$(if $(debug),-d )$(if $(static),--static )
+FLAGS := $(if $(release),--release )$(if $(stats),--stats )$(if $(progress),--progress )$(if $(threads),--threads $(threads) )$(if $(debug),-d )$(if $(static),--static )$(if $(CRYSTAL_FLAGS),$(CRYSTAL_FLAGS) )
 SPEC_FLAGS := $(if $(verbose),-v )$(if $(junit_output),--junit_output $(junit_output) )
 EXPORTS := $(if $(release),,CRYSTAL_CONFIG_PATH=`pwd`/src)
 SHELL = bash

bin/ci

@@ -170,6 +170,7 @@ with_build_env() {
     "$ARCH_CMD" /bin/bash -c "'$command'"
 
   on_osx PATH="/usr/local/opt/llvm/bin:\$PATH" \
+    CRYSTAL_FLAGS="\"--link-flags -L/usr/local/opt/openssl/lib\"" \
     CRYSTAL_CACHE_DIR="/tmp/crystal" \
     /bin/bash -c "'$command'"
 

spec/std/openssl/pkcs5_spec.cr

@@ -12,4 +12,15 @@ describe OpenSSL::PKCS5 do
       OpenSSL::PKCS5.pbkdf2_hmac_sha1("password", "salt", iterations, key_size).hexstring.should eq expected
     end
   end
+
+  it "computes pbkdf2_hmac" do
+    [
+      {1, 16, "0c60c80f961f0e71f3a9b524af601206"},
+      {1, 32, "0c60c80f961f0e71f3a9b524af6012062fe037a6e0f0eb94fe8fc46bdc637164"},
+      {2**16, 16, "1b345dd55f62a35aecdb9229bc7ae95b"},
+      {2**16, 32, "1b345dd55f62a35aecdb9229bc7ae95b305a8d538940134627e46f82d3a41e5e"},
+    ].each do |(iterations, key_size, expected)|
+      OpenSSL::PKCS5.pbkdf2_hmac(:sha1, "password", "salt", iterations, key_size).hexstring.should eq expected
+    end
+  end
 end

src/openssl/lib_crypto.cr

@@ -186,6 +186,7 @@ lib LibCrypto
   fun md5 = MD5(data : UInt8*, lengh : LibC::SizeT, md : UInt8*) : UInt8*
 
   fun pkcs5_pbkdf2_hmac_sha1 = PKCS5_PBKDF2_HMAC_SHA1(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, keylen : LibC::Int, out : UInt8*) : LibC::Int
+  fun pkcs5_pbkdf2_hmac = PKCS5_PBKDF2_HMAC(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, digest : EVP_MD, keylen : LibC::Int, out : UInt8*) : LibC::Int
 
   NID_X9_62_prime256v1 = 415
 

src/openssl/pkcs5.cr

@@ -4,6 +4,26 @@ module OpenSSL::PKCS5
   def self.pbkdf2_hmac_sha1(secret, salt, iterations = 2**16, key_size = 64) : Bytes
     buffer = Bytes.new(key_size)
     if LibCrypto.pkcs5_pbkdf2_hmac_sha1(secret, secret.bytesize, salt, salt.bytesize, iterations, key_size, buffer) != 1
+      raise OpenSSL::Error.new "pkcs5_pbkdf2_hmac_sha1"
+    end
+    buffer
+  end
+
+  def self.pbkdf2_hmac(algorithm : Symbol, secret, salt, iterations = 2**16, key_size = 64) : Bytes
+    evp = case algorithm
+          when :md4       then LibCrypto.evp_md4
+          when :md5       then LibCrypto.evp_md5
+          when :ripemd160 then LibCrypto.evp_ripemd160
+          when :sha1      then LibCrypto.evp_sha1
+          when :sha224    then LibCrypto.evp_sha224
+          when :sha256    then LibCrypto.evp_sha256
+          when :sha384    then LibCrypto.evp_sha384
+          when :sha512    then LibCrypto.evp_sha512
+          else                 raise "Unsupported digest algorithm: #{algorithm}"
+          end
+
+    buffer = Bytes.new(key_size)
+    if LibCrypto.pkcs5_pbkdf2_hmac(secret, secret.bytesize, salt, salt.bytesize, iterations, evp, key_size, buffer) != 1
       raise OpenSSL::Error.new "pkcs5_pbkdf2_hmac"
     end
     buffer